ID CVE-2014-9294
Summary util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
Vulnerable Configurations
  • NTP 4.2.7
    cpe:2.3:a:ntp:ntp:4.2.7
CVSS
Base: 7.5 (as of 01-11-2016 - 13:05)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2449-1.NASL
    description Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9293) Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the MD5 key and spoof a client or server. (CVE-2014-9294) Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. In non-default configurations, a remote attacker could use these issues to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295) Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 80218
    published 2014-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80218
    title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : ntp vulnerabilities (USN-2449-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-2025.NASL
    description From Red Hat Security Advisory 2014:2025 : Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2015-12-01
    plugin id 80155
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80155
    title Oracle Linux 5 : ntp (ELSA-2014-2025)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17395.NASL
    description Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293, CVE-2014-9296 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80310
    published 2015-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80310
    title Fedora 19 : ntp-4.2.6p5-13.fc19 (2014-17395)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-2024.NASL
    description Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80124
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80124
    title CentOS 6 / 7 : ntp (CESA-2014:2024)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-462.NASL
    description It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 80122
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80122
    title Amazon Linux AMI : ntp (ALAS-2014-462)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-2024.NASL
    description From Red Hat Security Advisory 2014:2024 : Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2015-12-01
    plugin id 80154
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80154
    title Oracle Linux 6 / 7 : ntp (ELSA-2014-2024)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV68426.NASL
    description CVE-2014-9293 If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. CVE-2014-9294 ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. CVE-2014-9295 A remote unauthenticated attacker may craft special packets that trigger buffer overflow.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 81271
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81271
    title AIX 6.1 TL 8 : ntp (IV68426)
  • NASL family CISCO
    NASL id CISCO-SN-CSCUS26956-IOSXR.NASL
    description The remote Cisco device is running a version of IOS XR software that is affected by the following vulnerabilities : - Errors exist related to weak cryptographic pseudorandom number generation (PRNG), the functions 'ntp_random' and and 'config_auth', and the 'ntp-keygen' utility. A man-in-the-middle attacker can exploit these to disclose sensitive information. (CVE-2014-9293, CVE-2014-9294) - Multiple stack-based buffer overflow errors exist in the Network Time Protocol daemon (ntpd), which a remote attacker can exploit to execute arbitrary code or cause a denial of service by using a specially crafted packet. (CVE-2014-9295) - An error exists in the 'receive' function in the Network Time Protocol daemon (ntpd) that allows denial of service attacks. (CVE-2014-9296)
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 81912
    published 2015-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81912
    title Cisco IOS XR Multiple ntpd Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17361.NASL
    description Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293, CVE-2014-9296 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80147
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80147
    title Fedora 20 : ntp-4.2.6p5-19.fc20 (2014-17361)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141220_NTP_ON_SL6_X.NASL
    description Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non- default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80164
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80164
    title Scientific Linux Security Update : ntp on SL6.x, SL7.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_NTP-150209.NASL
    description ntp has been updated to fix four security issues : - ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764). (CVE-2014-9294) - The config_auth function, when an auth key is not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764). (CVE-2014-9293) - ::1 can be spoofed on some operating systems, so ACLs based on IPv6 ::1 addresses could be bypassed. (bsc#910764). (CVE-2014-9298) - vallen is not validated in several places in ntp_crypto.c, leading to potential information leak. (bsc#910764). (CVE-2014-9297)
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 81313
    published 2015-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81313
    title SuSE 11.3 Security Update : ntp (SAT Patch Number 10293)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV68428.NASL
    description CVE-2014-9293 If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. CVE-2014-9294 ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. CVE-2014-9295 A remote unauthenticated attacker may craft special packets that trigger buffer overflow.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 81273
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81273
    title AIX 6.1 TL 9 : ntp (IV68428)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17367.NASL
    description Security fix for CVE-2014-9294, CVE-2014-9295, CVE-2014-9293, CVE-2014-9296 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80237
    published 2014-12-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80237
    title Fedora 21 : ntp-4.2.6p5-25.fc21 (2014-17367)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15935.NASL
    description util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
    last seen 2017-10-29
    modified 2016-10-31
    plugin id 92384
    published 2016-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92384
    title F5 Networks BIG-IP : NTP vulnerability (SOL15935)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-34.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-34 (NTP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact : A remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the process, cause a Denial of Service condition, and obtain sensitive information that could assist in other attacks. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80239
    published 2014-12-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80239
    title GLSA-201412-34 : NTP: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-140.NASL
    description Updated ntp packages fix security vulnerabilities : If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys (CVE-2014-9294). A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process (CVE-2014-9295). A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296). Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (CVE-2014-9297). Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298). The ntp package has been patched to fix these issues.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 82393
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82393
    title Mandriva Linux Security Advisory : ntp (MDVSA-2015:140)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3108.NASL
    description Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. - CVE-2014-9293 ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities). - CVE-2014-9294 The ntp-keygen utility generated weak MD5 keys with insufficient entropy. - CVE-2014-9295 ntpd had several buffer overflows (both on the stack and in the data section), allowing remote authenticated attackers to crash ntpd or potentially execute arbitrary code. - CVE-2014-9296 The general packet processing function in ntpd did not handle an error case correctly. The default ntpd configuration in Debian restricts access to localhost (and possible the adjacent network in case of IPv6). Keys explicitly generated by 'ntp-keygen -M' should be regenerated.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80208
    published 2014-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80208
    title Debian DSA-3108-1 : ntp - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0322-1.NASL
    description xntp has been updated to fix two security issues : - CVE-2014-9298: ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses can be bypassed (bnc#911792). - CVE-2014-9297: vallen is not validated in several places in ntp_crypto.c, leading to potential info leak (bnc#911792). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 83685
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83685
    title SUSE SLES10 Security Update : xntp (SUSE-SU-2015:0322-1)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_44235.NASL
    description s700_800 11.11 NTP timeservices upgrade plus utilities : Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. References: CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 82682
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82682
    title HP-UX PHNE_44235 : s700_800 11.11 NTP timeservices upgrade plus utilities
  • NASL family CISCO
    NASL id CISCO-SA-20141222-NTPD-PRIME_DCNM.NASL
    description According to its self-reported version number, the Cisco Prime Data Center Network Manager (DCNM) running on the remote host is affected by multiple vulnerabilities : - A security weakness exists due to the config_auth() function improperly generating default keys when no authentication key is defined in the 'ntp.conf' file. Key size is limited to 31 bits and the insecure ntp_random() function is used, resulting in cryptographically weak keys with insufficient entropy. This allows a remote attacker to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9293) - A security weakness exists due the use of a weak seed to prepare a random number generator used to generate symmetric keys. This allows remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9294) - Multiple stack-based buffer overflows exist due to improperly validated user-supplied input when handling packets in the crypto_recv(), ctl_putdata(), and configure() functions when using autokey authentication. This allows a remote attacker, via a specially crafted packet, to cause a denial of service condition or execute arbitrary code. (CVE-2014-9295) - A unspecified vulnerability exists due to missing return statements in the receive() function, resulting in continued processing even when an authentication error is encountered. This allows a remote attacker, via crafted packets, to trigger unintended association changes. (CVE-2014-9296) - A security bypass vulnerability exists in the function read_network_packet() due to a failure to restrict ::1 source addresses on IPv6 interfaces. This allows a remote attacker to bypass configured ACLs based on ::1. (CVE-2014-9298) This plugin determines if DCNM is vulnerable by checking the version number displayed in the web interface. The web interface is not available in older versions of DCNM.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 83876
    published 2015-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83876
    title Cisco Prime Data Center Network Manager ntpd Multiple Vulnerabilities (uncredentialed check)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141220_NTP_ON_SL5_X.NASL
    description Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non- default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80163
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80163
    title Scientific Linux Security Update : ntp on SL5.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-003.NASL
    description Updated ntp packages fix security vulnerabilities : If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys (CVE-2014-9294). A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process (CVE-2014-9295). A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296). The ntp package has been patched to fix these issues.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80384
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80384
    title Mandriva Linux Security Advisory : ntp (MDVSA-2015:003)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0002.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - don't generate weak control key for resolver (CVE-2014-9293) - don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294) - fix buffer overflows via specially-crafted packets (CVE-2014-9295) - increase memlock limit again (#1035198) - allow selection of cipher for private key files (#741573) - revert init script priority (#470945, #689636) - drop tentative patch (#489835) - move restorecon call to %posttrans - call restorecon on ntpd and ntpdate on start (#470945) - don't crash with more than 512 local addresses (#661934) - add -I option (#528799) - fix -L option to not require argument (#460434) - move ntpd and ntpdate to /sbin and start earlier on boot (#470945, #689636) - increase memlock limit (#575874) - ignore tentative addresses (#489835) - print synchronization distance instead of dispersion in ntpstat (#679034) - fix typos in ntpq and ntp-keygen man pages (#664524, #664525) - clarify ntpd -q description (#591838) - don't verify ntp.conf (#481151) - replace Prereq tag - fix DoS with mode 7 packets (#532640, CVE-2009-3563) - compile with -fno-strict-aliasing - fix buffer overflow when parsing Autokey association message (#500784, CVE-2009-1252) - fix buffer overflow in ntpq (#500784, CVE-2009-0159) - fix check for malformed signatures (#479699, CVE-2009-0021)
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 80395
    published 2015-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80395
    title OracleVM 2.2 : ntp (OVMSA-2015-0002)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0104.NASL
    description Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 81071
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81071
    title RHEL 6 : ntp (RHSA-2015:0104)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-116.NASL
    description Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. CVE-2014-9293 ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities). CVE-2014-9294 The ntp-keygen utility generated weak MD5 keys with insufficient entropy. CVE-2014-9295 ntpd had several buffer overflows (both on the stack and in the data section), allowing remote authenticated attackers to crash ntpd or potentially execute arbitrary code. CVE-2014-9296 The general packet processing function in ntpd did not handle an error case correctly. The default ntpd configuration in Debian restricts access to localhost (and possible the adjacent network in case of IPv6). Keys explicitly generated by 'ntp-keygen -M' should be regenerated. For the oldstable distribution (squeeze), these problems have been fixed in version 4.2.6.p2+dfsg-1+deb6u1. We recommend that you upgrade your heirloom-mailx packages. Thanks to the Florian Weimer for the Red Hat security update. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-12-02
    plugin id 82099
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82099
    title Debian DLA-116-1 : ntp security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-2024.NASL
    description Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 80160
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80160
    title RHEL 6 / 7 : ntp (RHSA-2014:2024)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-2025.NASL
    description Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 80161
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80161
    title RHEL 5 : ntp (RHSA-2014:2025)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4033D82687DD11E490793C970E169BC2.NASL
    description CERT reports : The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. The buffer overflow vulnerabilities in ntpd may allow a remote unauthenticated attacker to execute arbitrary malicious code with the privilege level of the ntpd process. The weak default key and non-cryptographic random number generator in ntp-keygen may allow an attacker to gain information regarding the integrity checking and authentication encryption schemes.
    last seen 2017-10-29
    modified 2017-07-06
    plugin id 80149
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80149
    title FreeBSD : ntp -- multiple vulnerabilities (4033d826-87dd-11e4-9079-3c970e169bc2)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV68427.NASL
    description CVE-2014-9293 If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. CVE-2014-9294 ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. CVE-2014-9295 A remote unauthenticated attacker may craft special packets that trigger buffer overflow.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 81272
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81272
    title AIX 5.3 TL 12 : ntp (IV68427)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV68429.NASL
    description CVE-2014-9293 If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. CVE-2014-9294 ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. CVE-2014-9295 A remote unauthenticated attacker may craft special packets that trigger buffer overflow.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 81274
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81274
    title AIX 7.1 TL 2 : ntp (IV68429)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0085.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - don't generate weak control key for resolver (CVE-2014-9293) - don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294) - fix buffer overflows via specially-crafted packets (CVE-2014-9295) - don't mobilize passive association when authentication fails (CVE-2014-9296)
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 80248
    published 2014-12-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80248
    title OracleVM 3.3 : ntp (OVMSA-2014-0085)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_NTP_20150120.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. (CVE-2014-9295) - The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. (CVE-2014-9296)
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80934
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80934
    title Oracle Solaris Third-Party Patch Update : ntp (multiple_vulnerabilities_in_ntp)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-2025.NASL
    description Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80125
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80125
    title CentOS 5 : ntp (CESA-2014:2025)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-356-01.NASL
    description New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 80204
    published 2014-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80204
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2014-356-01)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0001.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Remove default ntp servers in ntp.conf [bug 14342986] - don't generate weak control key for resolver (CVE-2014-9293) - don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294) - fix buffer overflows via specially-crafted packets (CVE-2014-9295) - increase memlock limit again (#1035198) - allow selection of cipher for private key files (#741573) - revert init script priority (#470945, #689636) - drop tentative patch (#489835) - move restorecon call to %posttrans - call restorecon on ntpd and ntpdate on start (#470945) - don't crash with more than 512 local addresses (#661934) - add -I option (#528799) - fix -L option to not require argument (#460434) - move ntpd and ntpdate to /sbin and start earlier on boot (#470945, #689636) - increase memlock limit (#575874) - ignore tentative addresses (#489835) - print synchronization distance instead of dispersion in ntpstat (#679034) - fix typos in ntpq and ntp-keygen man pages (#664524, #664525) - clarify ntpd -q description (#591838) - don't verify ntp.conf (#481151) - replace Prereq tag - fix DoS with mode 7 packets (#532640, CVE-2009-3563) - compile with -fno-strict-aliasing - fix buffer overflow when parsing Autokey association message (#500784, CVE-2009-1252) - fix buffer overflow in ntpq (#500784, CVE-2009-0159) - fix check for malformed signatures (#479699, CVE-2009-0021)
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 80394
    published 2015-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80394
    title OracleVM 3.2 : ntp (OVMSA-2015-0001)
  • NASL family Firewalls
    NASL id CHECK_POINT_GAIA_SK103825.NASL
    description The remote host is running a version of Gaia Operating System that is prior to R77.20 and thus, is potentially affected by multiple NTP client vulnerabilities. Note that NTP client is disabled by default. Further note that if the vendor's suggested mitigations are in place, this can be considered a false positive.
    last seen 2017-12-09
    modified 2017-12-08
    plugin id 105085
    published 2017-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105085
    title Check Point Gaia Operating System < R77.20 Multiple NTP Client Vulnerabilities (sk103825)
  • NASL family CISCO
    NASL id CISCO-SN-CSCUS27229-IOSXR.NASL
    description The remote Cisco device is running a version of IOS XR software that is affected by the following vulnerabilities : - Errors exist related to weak cryptographic pseudorandom number generation (PRNG), the functions 'ntp_random' and and 'config_auth', and the 'ntp-keygen' utility. A man-in-the-middle attacker can exploit these to disclose sensitive information. (CVE-2014-9293, CVE-2014-9294) - Multiple stack-based buffer overflow errors exist in the Network Time Protocol daemon (ntpd), which a remote attacker can exploit to execute arbitrary code or cause a denial of service by using a specially crafted packet. (CVE-2014-9295) - An error exists in the 'receive' function in the Network Time Protocol daemon (ntpd) that allows denial of service attacks. (CVE-2014-9296)
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 81913
    published 2015-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81913
    title Cisco IOS XR NCS 6000 Multiple ntpd Vulnerabilities
  • NASL family Misc.
    NASL id NTP_4_2_8.NASL
    description The version of the remote NTP server is 4.x prior to 4.2.8p1. It is, therefore, affected by the following vulnerabilities : - A security weakness exists due to the config_auth() function improperly generating default keys when no authentication key is defined in the ntp.conf file. Key size is limited to 31 bits and the insecure ntp_random() function is used, resulting in cryptographically-weak keys with insufficient entropy. A remote attacker can exploit this to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9293) - A security weakness exists due the use of a weak seed to prepare a random number generator used to generate symmetric keys. This allows a remote attacker to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9294) - Multiple stack-based buffer overflow conditions exist due to improper validation of user-supplied input when handling packets in the crypto_recv(), ctl_putdata(), and configure() functions when using autokey authentication. A remote attacker can exploit this, via a specially crafted packet, to cause a denial of service condition or the execution of arbitrary code. (CVE-2014-9295) - A unspecified vulnerability exists due to missing return statements in the receive() function, resulting in continued processing even when an authentication error is encountered. This allows a remote attacker, via specially crafted packets, to trigger unintended association changes. (CVE-2014-9296) - An information disclosure vulnerability exists due to improper validation of the 'vallen' value in extension fields in ntp_crypto.c. A remote attacker can exploit this to disclose sensitive information. (CVE-2014-9750) - A security bypass vulnerability exists due to a failure to restrict ::1 source addresses on IPv6 interfaces. A remote attacker can exploit this to bypass configured ACLs based on ::1. (CVE-2014-9751) Note that CVE-2014-9750 and CVE-2014-9751 supersede the discontinued identifiers CVE-2014-9297 and CVE-2014-9298, which were originally cited in the vendor advisory.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 81981
    published 2015-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81981
    title Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p1 Multiple Vulnerabilities
  • NASL family CISCO
    NASL id CISCO_PRIME_LMS_SA-20141222-NTPD.NASL
    description According to its self-reported version number, the Cisco Prime LAN Management Solution running on the remote host is affected by multiple vulnerabilities : - A security weakness exists due to the config_auth() function improperly generating default keys when no authentication key is defined in the 'ntp.conf' file. Key size is limited to 31 bits and the insecure ntp_random() function is used, resulting in cryptographically weak keys with insufficient entropy. This allows a remote attacker to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9293) - A security weakness exists due the use of a weak seed to prepare a random number generator used to generate symmetric keys. This allows remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9294) - Multiple stack-based buffer overflows exist due to improperly validated user-supplied input when handling packets in the crypto_recv(), ctl_putdata(), and configure() functions when using autokey authentication. This allows a remote attacker, via a specially crafted packet, to cause a denial of service condition or execute arbitrary code. (CVE-2014-9295) - A unspecified vulnerability exists due to missing return statements in the receive() function, resulting in continued processing even when an authentication error is encountered. This allows a remote attacker, via crafted packets, to trigger unintended association changes. (CVE-2014-9296)
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 83877
    published 2015-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83877
    title Cisco Prime LAN Management Solution ntpd Multiple Vulnerabilities
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_44236.NASL
    description s700_800 11.23 NTP timeservices upgrade plus utilities : Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. References: CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879.
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 82683
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82683
    title HP-UX PHNE_44236 : s700_800 11.23 NTP timeservices upgrade plus utilities
  • NASL family CGI abuses
    NASL id CISCO-SA-20141222-NTPD-PRSM.NASL
    description According to its self-reported version number, the version of Cisco Prime Security Manager running on the remote host is prior to 9.3.3.2. It is, therefore, affected by multiple vulnerabilities in the bundled NTP libraries : - A security weakness exists due to the config_auth() function improperly generating default keys when no authentication key is defined in the 'ntp.conf' file. Key size is limited to 31 bits and the insecure ntp_random() function is used, resulting in cryptographically-weak keys with insufficient entropy. This allows a remote attacker to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9293) - A security weakness exists due the use of a weak seed to prepare a random number generator used to generate symmetric keys. This allows remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9294) - Multiple stack-based buffer overflows exist due to improperly validated user-supplied input when handling packets in the crypto_recv(), ctl_putdata(), and configure() functions when using autokey authentication. This allows a remote attacker, via a specially crafted packet, to cause a denial of service condition or execute arbitrary code. (CVE-2014-9295) - A unspecified vulnerability exists due to missing return statements in the receive() function, resulting in continued processing even when an authentication error is encountered. This allows a remote attacker, via crafted packets, to trigger unintended association changes. (CVE-2014-9296)
    last seen 2018-06-14
    modified 2018-06-13
    plugin id 81980
    published 2015-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81980
    title Cisco Prime Security Manager Network Time Protocol Daemon (ntpd) Multiple Vulnerabilities (cisco-sa-20141222-ntpd)
  • NASL family CISCO
    NASL id CISCO-SA-20141222-NTPD-NXOS.NASL
    description The remote Cisco device is running a version of NX-OS software that is affected by the following vulnerabilities : - Errors exist related to weak cryptographic pseudorandom number generation (PRNG), the functions 'ntp_random' and and 'config_auth', and the 'ntp-keygen' utility. A man-in-the-middle attacker can exploit these to disclose sensitive information. (CVE-2014-9293, CVE-2014-9294) - Multiple stack-based buffer overflow errors exist in the Network Time Protocol daemon (ntpd), which a remote attacker can exploit to execute arbitrary code or cause a denial of service by using a specially crafted packet. (CVE-2014-9295) - An error exists in the 'receive' function in the Network Time Protocol daemon (ntpd) that allows denial of service attacks. (CVE-2014-9296)
    last seen 2017-10-29
    modified 2015-11-01
    plugin id 81911
    published 2015-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81911
    title Cisco NX-OS Multiple ntpd Vulnerabilities
  • NASL family AIX Local Security Checks
    NASL id AIX_IV68430.NASL
    description The version of NTP installed on the remote AIX host is affected by the following vulnerabilities : - A security weakness exists due to the config_auth() function improperly generating default keys when no authentication key is defined in the ntp.conf file. Key size is limited to 31 bits and the insecure ntp_random() function is used, resulting in cryptographically-weak keys with insufficient entropy. A remote attacker can exploit this to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9293) - A security weakness exists due the use of a weak seed to prepare a random number generator used to generate symmetric keys. This allows a remote attacker to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9294) - Multiple stack-based buffer overflow conditions exist due to improper validation of user-supplied input when handling packets in the crypto_recv(), ctl_putdata(), and configure() functions when using autokey authentication. A remote attacker can exploit this, via a specially crafted packet, to cause a denial of service condition or the execution of arbitrary code. (CVE-2014-9295)
    last seen 2018-06-12
    modified 2018-06-11
    plugin id 81275
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81275
    title AIX 7.1 TL 3 : ntp (IV68430)
redhat via4
advisories
  • rhsa
    id RHSA-2014:2025
  • rhsa
    id RHSA-2015:0104
rpms
  • ntp-0:4.2.6p5-19.el7_0
  • ntp-doc-0:4.2.6p5-19.el7_0
  • ntp-perl-0:4.2.6p5-19.el7_0
  • ntpdate-0:4.2.6p5-19.el7_0
  • sntp-0:4.2.6p5-19.el7_0
  • ntp-0:4.2.6p5-2.el6_6
  • ntp-doc-0:4.2.6p5-2.el6_6
  • ntp-perl-0:4.2.6p5-2.el6_6
  • ntpdate-0:4.2.6p5-2.el6_6
  • ntp-0:4.2.2p1-18.el5_11
refmap via4
bid 71762
cert-vn VU#852879
cisco 20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products
confirm
hp
  • HPSBGN03277
  • HPSBOV03505
  • HPSBPV03266
  • HPSBUX03240
  • SSRT101872
mandriva MDVSA-2015:003
secunia 62209
Last major update 02-01-2017 - 21:59
Published 19-12-2014 - 21:59
Back to Top